DOCSLIB.ORG

Security Policy Enforcement in Application Environments Using Distributed Script-Based Control Structures

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Policy Enforcement in Application Environments Using Distributed Script-Based Control Structures University of Plymouth PEARL https://pearl.plymouth.ac.uk 04 University of Plymouth Research Theses 01 Research Theses Main Collection 2007 SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES FISCHER-HELLMANN, KLAUS-PETER http://hdl.handle.net/10026.1/1655 University of Plymouth All content in PEARL is protected by copyright law. Author manuscripts are made available in accordance with publisher policies. Please cite only the published version using the details provided on the item record or document. In the absence of an open licence (e.g. Creative Commons), permissions for further reuse of content should be sought from the publisher or author. SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES by KLAUS-PETER FISCHER-HELLMANN A thesis submitted to the University of Plymouth in partial fulfilment for the degree of DOCTOR OF PHILOSOPHY School of Computing, Communications and Electronics Faculty of Technology In collaboration with Darmstadt Node of the NRG Network at University of Applied Sciences Darmstadt September 2007 University of Plymouth Library Abstract Security Policy Enforcement in Application Environments Using Distributed Script-Based Control Structures Klaus-Peter Fischer-Hellmann Dipl.-Math. Business processes involving several partners in different organisations impose deman• ding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this pur• pose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architec• tures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and, several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically. An analysis of the security- relevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept. Contents List of Figures ix List of Tables xi List of XML Snippets xii List of Abbreviations and Acronyms xiii Acknowledgements xvii Author's Declaration xix 1 Introduction I 1.1 Aims and Objectives 4 1.2 Thesis Structure 6 2 Cross-Organisational Deployment of Business Processes 9 2.1 Extended Use of Business Process Definition Languages in CBP Scenarios .... 11 2.2 Motivating Example of Cross-Organisational Business Process 13 2.2.1 Description of Business Process Example 14 2.2.2 Security Policy-Induced Restrictions in Cross-Organisational Business Process Execution 17 2.3 Security Issues Related to Cross-Organisational Deployment of CBP 19 ii 2.4 Restriction of Research to WS-BPEL without Loss of Generality 22 2.5 Summary 25 Approaches to Specification and Enforcement of Security Policies 27 3.1 Specification of Security Aspects for Web Services 29 3.1.1 Web Service Security (WS-Security) 31 3.1.2 WS-SecurityPolicy 32 3.1.3 WS-Trust 32 3.1.4 Web Services Policy Framework (WS-PoIicy) 33 3.1.5 Security Assertion Markup Language (SAML) 33 3.1.6 extensible Access Control Markup Language (XACML) 34 3.2 Role-Based Access Control for Web Services and Business Processes 35 3.3 Relation of Programs and Programming Languages with Security Policies 38 3.4 Verification of Consistency between Program Code and Security Policies 43 3.5 Security Policy Enforcement via Code Instrumentation and Runtime Monitoring 45 3.6 Summary 48 Analysis of Security-Relevant Semantics of BPEL 52 4.1 Scope of Analysis 52 4.1.1 Search for Security-Relevant Building Blocks of BPEL Semantics 55 iii 4.1.2 Trade-Off Between Policy Strictness and Functional Richness 56 4.1.3 Need for Information Flow Analysis in Policy Compliance Assessment.... 58 4.1.4 Approach to Dispensability of Security Classification System 59 4.1.5 Risks of Policy Violations of Remotely Defined Business Processes 62 4.2 Overview of BPEL Semantics 63 4.2.1 General Structure of BPEL Scripts 66 4.2.2 Primitive and Structured Activities in Normal Process Flow 68 4.2.3 Additional Flow Control and Structuring Elements 70 4.2.4 Special Activities for Fault Handling 72 4.2.5 Concept of Multiple Instantiation in BPEL 73 4.2.6 Extensibility of BPEL and Problems for Compliance Assessment Involved 73 4.3 Classification of Security Policy-Derived Restrictions for WS Invocation 75 4.4 Security Analysis of Semantic Patterns of BPEL 82 4.4.1 Definition of Semantic Patterns of BPEL 82 4.4.2 Results of Security Analysis of Semantic Patterns 83 4.5 Considerations with Respect to Separation of Duty Constraints 92 4.6 Summary 94 IV 5 Specification of Security Policy for Compliance Assessment of CBPs 96 5.1 Redefinition of Security Policy in Terms of Security-Relevant Semantic Patterns 99 5.2 Security Policy Statement 100 5.2.1 Security Policy Statement Template 101 5.2.2 Internal Web Service Restriction Statement 105 5.2.3 External Web Service Restriction Statement 109 5.3 Approach to Reduce Complexity of Security Policy Statements 112 5.4 Coping with Dynamic Aspects in Static Compliance Analysis 114 5.5 Summary 118 6 Security Policy Compliance Assessment for BPEL Scripts 120 6.1 Procedure of Compliance Assessment 120 6.1.1 Prerequisites for Compliance Assessment 121 6.1.2 Analysis of Declaration Part in BPEL Script 122 6.1.3 Checking BPEL Script for Security-Relevant Semantic Patterns 123 6.1.4 Example of Covert Channel Establishment in BPEL Script 124 6.1.5 Information Flow Analysis in Parallel Flows 126 6.2 Workflows in Distributed Definition and Execution of CBPs 128 6.3 Delegation of Security Policy Compliance Assessment 132 V 6.3.1 Domain-Internal Delegation of Compliance Assessment 133 6.3.2 Domain-External Delegation of Compliance Assessment 134 6.4 Summary 137 7 Proof of Concept by Research Prototype 139 7.1 Scope of Research Prototype 139 7.2 Machine-Readable Format of Security Policy Statement 147 7.2.1 Rationale for Definition of XML Schema in Current Form 148 7.2.2 Annotated SPS Schema in Condensed Notation 149 7.3 Architecture of Research Prototype 154 7.4 Functionality of Research Prototype at a Glance 156 7.4.1 Conversion of SPS into Internal Representation 157 7.4.2 Conversion of Variable Declarations into Internal Representation 158 7.4.3 Combined Forward/Backward Information Flow Analysis 158 7.4.4 Handling of Parallel Flows in Information Flow Analysis 161 7.4.5 Implementation of Covert Channel Prevention 162 7.5 Evaluation of Research Prototype 163 7.6 Summary 167 VI 8 Examining the Wider Applicability of the Results 170 8.1 Motivation for Remote Definition of Grid Processes 171 8.2 Approaches to Specification of Grid Service Security 177 8.3 Security-Relevant Semantic Patterns in BPEL-Based Grid Processes 179 8.4 Rewriting Security Policies to Support Pre-Execution Security Policy Assessment 184 8.5 Delegation of Security Assessment 189 8.6 Summary 192 9 Conclusions and Directions of Further Research 194 9.1 Achievements of the Research 194 9.2 Limitations of the Research 197 9.3 Directions of Further Research 201 Appendices 203 A. 1. Published Papers 203 A.2. XML Schema for Security Policy Statement 206 A.3. Outline of Sophisticated Covert Channel Prevention for Activity validate 211 A.4. Java Code of Research Prototype 213 A.5. Examples of BPEL Scripts Used for Validation of
Load more

Recommended publications
  • Download.Php/10347/Wsbpel- Specification-Draft-120204.Htm, Last Accessed 2004-12-28
    Chapter 1: Security Security-relevance of semantic patterns in cross-organisational business processes using WS-BPEL K.P.Fischer1,2,3, U.Bleimann1, W.Fuhrmann1 and S.M.Furnell2,4 1 Aida Institute of Applied Informatics, University of Applied Sciences Darmstadt, Germany 2 Network Research Group, University of Plymouth, Plymouth, United Kingdom 3 Digamma Communications Consulting GmbH, Darmstadt, Germany 4School of Computer and Information Science, Edith Cowan University, Perth, Australia e-mail: [email protected] Abstract This paper gives an overview of the research project considering security aspects in the context of business process management. In particular, security issues arising when scripts written in the standardized scripting language WS-BPEL (formerly: BPEL4WS or BPEL for short) implementing cross-organisational business processes on top of Web services are deployed across security domain boundaries, are being investigated. It analyses the security- relevant semantics of this scripting language in order to facilitate checking for compliance with security policies effective at the domain of execution. Keywords Security Policy, Policy Enforcement, Cross-Organisational Business Process (CBP), Semantic Analysis, Web Services, Web Services Business Process Execution Language (WS-BPEL, BPEL) 1. Introduction Web services are currently considered a broadly adopted approach for the realization of a service oriented architecture (SOA) used in service oriented computing (SOC) (Curbera et al., 2003; Foster and Tuecke, 2005; Papazoglou and Georgakopoulos 2003). Web services, and the composition or orchestration of them, play a central role in current approaches to service oriented computing (Berardi et al., 2003). Service orientation is also expected to play an important role in grid computing, where the provisioning of computing resources within a conceptual huge network of collaborating computers and devices can also be fostered by services (so called grid services in this context) (Tuecke et al., 2003; ).
    [Show full text]
  • Download.Php/10347/Wsbpel-Specification-Draft-120204.Htm, Last Accessed 2004-12-28
    A Security Infrastructure for Cross-Domain Deployment of Script-Based Business Processes in SOC Environments K.P.Fischer1,3, U. Bleimann1, W. Fuhrmann1, S.M Furnell2,4 1 Aida Institute of Applied Informatics, University of Applied Sciences Darmstadt, Germany 2 Network Research Group, University of Plymouth, Plymouth, United Kingdom 3 Digamma Communications Consulting GmbH, Darmstadt, Germany 4School of Computer and Information Science, Edith Cowan University, Perth, Australia e-mail: [email protected] Abstract This paper addresses security aspects arising in service oriented computing (SOC) when scripts written in a standardized scripting language such as WS-BPEL (formerly: BPEL4WS or BPEL for short), BPML, XPDL, WSCI in order to implement business processes on top of Web services are deployed across security domain boundaries. It proposes an infrastructure and methods for checking the scripts deployed, prior to execution, for compliance with security policies effective at the domain in which a remotely developed script-based business process is to be executed. Keywords Security Policy, Policy Enforcement, Service Oriented Computing (SOC), Service Oriented Architecture (SOA), Business Process Management, Web Services, Web Services Business Process Execution Language (WS-BPEL) 1. Introduction Service oriented computing (SOC) is currently considered one of the most promising new paradigms for distributed computing (Papazoglou and Georgakopoulos, 2003). Though com- paratively new, a significant amount of research has already been dedicated to this area (e.g. Deubler et al. 2004). Web services, and the composition or orchestration of them, play a central role in current approaches to service oriented computing (Berardi et al. 2003). Service orientation is also expected to have an important influence in the area of grid computing, where the provisioning of computing resources within a conceptual huge network of collaborating computers and devices can also be fostered by services (so called grid services in this context) provided by different nodes (Tuecke et al.
    [Show full text]
  • Bpelscript: a Simplified Script Syntax for WS-BPEL
    Institute of Architecture of Application Systems BPELscript: A Simplified Script Syntax for WS-BPEL 2.0 Marc Bischof, Oliver Kopp, Tammo van Lessen, Frank Leymann Institute of Architecture of Application Systems University of Stuttgart Universit¨atsstraße 38, 70569 Stuttgart, Germany http://www.iaas.uni-stuttgart.de in: 35th Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2009). See also BibTEX entry below. BibTEX: @inproceedings {BPELscript, author = {Marc Bischof and Oliver Kopp and Tammo van Lessen and Frank Leymann}, title = {{BPELscript: A Simplified Script Syntax for WS-BPEL 2.0}}, booktitle = {35th Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2009)}, publisher = {IEEE}, year = {2009}, keywords = {service orchestration; service scripting; BPEL; BPM lifecycle}, } © 2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. BPELscript: A Simplified Script Syntax for WS-BPEL 2.0 Marc Bischof, Oliver Kopp, Tammo van Lessen, Frank Leymann Institute of Architecture of Application Systems Universitat¨ Stuttgart Stuttgart, Germany [email protected], [email protected] Abstract—Business processes are usually modeled using graphical notations such as BPMN. As a first step towards execution as workflow, a business process is transformed to an abstract WS-BPEL process. Technical details required for execution are added by an IT expert. While IT experts expect Java-like syntax for programs, WS-BPEL requires processes to be expressed in XML.
    [Show full text]
  • Open Geospatial Consortium, Inc
    Open Geospatial Consortium, Inc. Date: 2009-09-11 Reference number of this document: OGC 09-064r2 Version: 0.3.0 Category: Public Engineering Report Editor(s): Ingo Simonis OGC® OWS-6 Sensor Web Enablement (SWE) Engineering Report Copyright © 2009 Open Geospatial Consortium, Inc. To obtain additional rights of use, visit http://www.opengeospatial.org/legal/. Warning This document is not an OGC Standard. This document is an OGC Public Engineering Report created as a deliverable in an OGC Interoperability Initiative and is not an official position of the OGC membership. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an OGC Standard. Further, any OGC Engineering Report should not be referenced as required or mandatory technology in procurements. Document type: OpenGIS® Public Engineering Report Document subtype: NA Document stage: Approved for Public Release Document language: English OGC 09-064r2 Preface This document summarizes the work done in the SWE thread of OWS-6. Forward Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The Open Geospatial Consortium Inc. shall not be held responsible for identifying any or all such patent rights. Recipients of this document are requested to submit, with their comments, notification of any relevant patent claims or other intellectual property rights of which they may be aware that might be infringed by any implementation of the standard set forth in this document, and to provide supporting documentation. ii Copyright © 2009 Open Geospatial Consortium, Inc.
    [Show full text]
  • Specific Agreement N. 5719.00 Page 1 of 119
    Customer: JRC - Ispra Specific Agreement N. 5719.00 Page 1 of 119 Authors: Matteo Villa, Fabio Status for the invocation of INSPIRE Spatial Data Last update: 20/04/2011 Cattaneo Services TXT e-Solutions S.p.A. Specific Contract 3263 under framework contract DIGIT 06760 STATUS FOR THE INVOCATION OF INSPIRE SPATIAL DATA SERVICES Joint Research Centre – Ispra Date Name Fabio Cattaneo (TXT) Issued by Matteo Villa (TXT) Michel Millot (JRC) 20/04/2011 Lars Bernard, Marek Brylski Distribution list (INSPIRE Network Drafting Team) SPECIFIC CONTRACT No.3263 UNDER F.C. No.DI/06760 Customer: JRC - Ispra Specific Agreement N. 5719.00 Page 2 of 119 Authors: Matteo Villa, Fabio Status for the invocation of INSPIRE Spatial Data Last update: 20/04/2011 Cattaneo Services Table of Contents 1. Executive Summary ........................................................................................................................ 7 2. Introduction ................................................................................................................................... 8 3. Purpose and Scope ......................................................................................................................... 9 4. References and applicable documentations ................................................................................ 10 5. Existing Standards ........................................................................................................................ 11 5.1. Web-services: Overview and concepts .................................................................................
    [Show full text]
  • Security-Relevant Semantic Patterns of BPEL in Cross-Organisational Business Processes
    Security-Relevant Semantic Patterns of BPEL in Cross-Organisational Business Processes K.P.Fischer 1,3 , U.Bleimann 1, W.Fuhrmann 1, S.M.Furnell 2,4 1 Aida Institute of Applied Informatics, University of Applied Sciences Darmstadt, Germany 2 Network Research Group, University of Plymouth, Plymouth, United Kingdom 3 Digamma Communications Consulting GmbH, Darmstadt, Germany 4 School of Computer and Information Science, Edith Cowan University, Perth, Australia e-mail: [email protected] Abstract This paper presents results of the analysis of security-relevant semantics of business processes being defined by WS-BPEL (Web Services Business Process Execution Language, BPEL for short) scripts. In particular, security issues arising when such scripts defining cross-organisational business processes on top of Web services are de- ployed across security domain boundaries, give rise to this investigation. The analysis of security-relevant seman- tics of this scripting language will help to overcome these security issues making further exploitation of BPEL as a standard for defining cross-organisational business processes more acceptable. Semantic patterns being combi- nations of particular language features and Web services with specific access restrictions implied by security poli- cies are defined and analysed for this purpose. Applications of the results of this analysis to distributed definition and execution of BPEL-defined business processes may be found in a previous paper of the authors. Keywords Cross-Organisational Business Process (CBP), Web Services Business Process Execution Language (WS-BPEL, BPEL), Semantic Analysis, Security Policy, Web Services, Service Oriented Computing 1. Introduction Web services, and the composition or orchestration of them, play a central role in current ap- proaches to service-oriented computing (Berardi et al., 2003).
    [Show full text]
  • Simulation Software As a Service and Service-Oriented Simulation Experiment
    Georgia State University ScholarWorks @ Georgia State University Computer Science Dissertations Department of Computer Science Summer 7-28-2012 Simulation Software as a Service and Service-Oriented Simulation Experiment Song Guo Computer Sciences Follow this and additional works at: https://scholarworks.gsu.edu/cs_diss Recommended Citation Guo, Song, "Simulation Software as a Service and Service-Oriented Simulation Experiment." Dissertation, Georgia State University, 2012. https://scholarworks.gsu.edu/cs_diss/72 This Dissertation is brought to you for free and open access by the Department of Computer Science at ScholarWorks @ Georgia State University. It has been accepted for inclusion in Computer Science Dissertations by an authorized administrator of ScholarWorks @ Georgia State University. For more information, please contact [email protected]. SIMULATION SOFTWARE AS A SERVICE AND SERVICE-ORIENTED SIMULATION EXPERIMENT by SONG GUO Under the Direction of Xiaolin Hu ABSTRACT Simulation software is being increasingly used in various domains for system analysis and/or behavior prediction. Traditionally, researchers and field experts need to have access to the computers that host the simulation software to do simulation experiments. With recent advances in cloud computing and Software as a Service (SaaS), a new paradigm is emerging where simulation software is used as services that are composed with others and dynamically influence each other for service-oriented simulation experiment on the Internet. The new service-oriented paradigm brings new research challenges in composing multiple simulation services in a meaningful and correct way for simulation experiments. To systematically support simulation software as a service (SimSaaS) and service-oriented simulation experiment, we propose a layered framework that includes five layers: an infrastructure layer, a simulation execution engine layer, a simulation service layer, a simulation experiment layer and finally a graphical user interface layer.
    [Show full text]
  • End-User Service Composition from a Social Networks Analysis Perspective Abderrahmane Maaradji
    End-user service composition from a social networks analysis perspective Abderrahmane Maaradji To cite this version: Abderrahmane Maaradji. End-user service composition from a social networks analysis perspective. Other [cs.OH]. Institut National des Télécommunications, 2011. English. NNT : 2011TELE0028. tel-00762647 HAL Id: tel-00762647 https://tel.archives-ouvertes.fr/tel-00762647 Submitted on 7 Dec 2012 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. R !"#$ $ !" !" # %&' ( ! " !#$#$"% &' ("$ &' ))& ' $&! Abstract Service composition has risen from the need to make information systems more flexible and open. The Service Oriented Architecture has become the reference architecture model for applications carried by the impetus of Internet (Web). In fact, information systems are able to expose interfaces through the Web which has increased the number of available Web services. Moreover, with the emergence of Web 2.0, service composition has evolved toward Web users with limited technical skills. Those end-users, named Y generation, are participating, creating, sharing and commenting content through the Web. This evolution in service composition is translated by the reference paradigm of Mashup and Mashup editors such as Yahoo Pipes! This paradigm has established the service composition within end users com- munity enabling them to meet their own needs, for instance by creating applications that do not exist.
    [Show full text]
  • Restful Based Heterogeneous Geoprocessing Workflow
    Computers & Geosciences 47 (2012) 102–110 Contents lists available at SciVerse ScienceDirect Computers & Geosciences journal homepage: www.elsevier.com/locate/cageo RESTFul based heterogeneous Geoprocessing workflow interoperation for Sensor Web Service Chao Yang a,b, Nengcheng Chen a, Liping Di b,n a State Key Laboratory of Information Engineering in Surveying, Mapping and Remote Sensing, Wuhan University, 129 Luoyu Road, Wuhan, Hubei 430079, China b Center for Spatial Information Science and Systems, George Mason University, 4400 University Drive, MSN 6E1, Fairfax, VA 22030, USA article info abstract Article history: Advanced sensors on board satellites offer detailed Earth observations. A workflow is one approach for Received 19 March 2011 designing, implementing and constructing a flexible and live link between these sensors’ resources and Received in revised form users. It can coordinate, organize and aggregate the distributed sensor Web services to meet the 1 September 2011 requirement of a complex Earth observation scenario. Accepted 7 November 2011 A RESTFul based workflow interoperation method is proposed to integrate heterogeneous work- Available online 15 November 2011 flows into an interoperable unit. The Atom protocols are applied to describe and manage workflow Keywords: resources. The XML Process Definition Language (XPDL) and Business Process Execution Language RESTFul (BPEL) workflow standards are applied to structure a workflow that accesses sensor information and Workflow interoperation one that processes it separately. Then, a scenario for nitrogen dioxide (NO ) from a volcanic eruption is OGC Web Services 2 used to investigate the feasibility of the proposed method. The RESTFul based workflows interoperation NO2 system can describe, publish, discover, access and coordinate heterogeneous Geoprocessing workflows.
    [Show full text]
  • Web Service Orchestration Driven by Formal Specification
    Web service orchestration driven by formal specification Charif Mahmoudi1, Fabrice Mourlin1 1LACL, Computer Science department, Paris-Est University, 61 avenue du Général de Gaulle, 94010 Créteil Cedex, France, EA 4913 [email protected], [email protected] Abstract. When set of basic web service is built, the next step is to create more complex one. A programmatic approach uses declarative language such as BPEL. This kind of representation is verbose and needs assistance for the creation of business process. We defined a generative strategy leading by formal specification. Because, web service composition languages use standard operators like sequence, choice and parallel; process algebras are right candidate for their design. We use higher order pi calculus for specification of orchestration and consider it as a basis for generating BPEL skeleton. After enrichment of BPEL definition, we interpret it by mobile agents. They play role of a conductor which evaluates a part or a whole BPEL definition. This mobile engine reduces message traffic by replacing message transfer into local message operating. We use mobile agent as distributed conductor of business processes. Keywords: web service, orchestration, composition language, process algebra mobile agent, 1. Introduction Web Services mean many things to many people. Today, a lot of developers have tried to expose web services on their local network. Their first example is often to build a simple web service that generates a response based on information received from the client. But also, it shows how to consume various existing framework web services, including existing services such that computing service (Choleski computation) or geographical service (a map of a next trip in Edinburgh).
    [Show full text]